我正在使用以下方式编写 HTTP 服务器简单的框架 http://www.simpleframework.org/并希望要求客户提供由我的证书颁发机构签名的有效证书才能建立连接。
我编写了以下基本服务器。如何修改此代码以要求对所有 SSL 连接进行客户端证书身份验证?
public static void main(String[] args) throws Exception {
Container container = createContainer();
Server server = new ContainerServer(container);
Connection connection = new SocketConnection(server);
SocketAddress address = new InetSocketAddress(8443);
KeyManagerFactory km = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore serverKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
try(InputStream keystoreFile = new FileInputStream(SERVER_KEYSTORE_PATH)) {
serverKeystore.load(keystoreFile, "asdfgh".toCharArray());
}
km.init(serverKeystore, SERVER_KS_PASSWORD.toCharArray());
TrustManagerFactory tm = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore caKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
try(InputStream caCertFile = new FileInputStream(CA_CERT_PATH)) {
caKeystore.load(caCertFile, CA_KS_PASSWORD.toCharArray());
}
tm.init(caKeystore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(km.getKeyManagers(), tm.getTrustManagers(), null);
connection.connect(address, sslContext);
}
Try this
public class MyServer implements org.simpleframework.transport.Server {
private Server delegateServer;
public MyServer(Server delegateServer){
this.delegateServer = delegateServer;
}
public void process(Socket socket){
socket.getEngine().setNeedClientAuth(true);
delegateServer.process(socket);
}
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)